The 411 on Aqfer’s Data Privacy, Security, and Compliance Framework

Unless you’ve been living under a rock, you’ve seen recent reports of billion+ dollar GDPR noncompliance fines for technology giants like Google and Meta. Data privacy and security have never been more important to consumers. And with astronomical fines on the line, the stakes have never been higher. As we enter the slow summer season, it’s a good time for your company to review your data privacy, security, and compliance practices.

By prioritizing data privacy and security best practices, technology companies can establish themselves as trustworthy partners who protect their customers’ sensitive information, even in fast-moving regulatory environments.

What B2B Technology Companies Need to Know about Data Privacy in 2023

Today, data privacy standards change seemingly by the minute. General Data Protection Regulation (GDPR) rules and regulations are ever-growing. And while GDPR is now ubiquitous in Europe, regulations are evolving on a state-by-state basis here in the US as well. But GDPR isn’t the only concern when it comes to data protection and compliance. 

Understanding and implementing best practices in data privacy and security is essential to protect customer data, maintain trust, and comply with regulations. Here are some key considerations for B2B technology companies:

8 Data Privacy and Security Best Practices


  1. Compliance with data protection regulations: It’s critically important to maintain compliance with GDPR in Europe and other privacy laws worldwide. This involves obtaining proper consent for data collection, implementing robust security measures, and providing transparent information about data usage.
  2. Data encryption and secure storage: Technology companies should adopt industry-standard encryption techniques to safeguard data in transit and at rest. Additionally, storing data in secure environments with access controls, firewalls, and intrusion detection systems is critical.
  3. Strong access controls and authentication: Implementing strict access controls and multi-factor authentication mechanisms helps prevent unauthorized access to sensitive data. Limiting user privileges and regularly reviewing access rights are essential practices.
  4. Regular data audits and risk assessments: Conducting comprehensive data audits and risk assessments enable B2B technology companies to identify vulnerabilities, assess potential threats, and implement appropriate security measures. Regular monitoring and updating of security protocols are also necessary.
  5. Employee training and awareness: Data privacy and security practices should be ingrained in the company culture. Regular training sessions for employees can help raise awareness about potential risks, teach best practices, and ensure everyone understands their role in maintaining data security.
  6. Incident response and data breach protocols: Having well-defined incident response plans in place is crucial. This includes a clear chain of command, notification procedures, and steps to mitigate the impact of a data breach, such as informing affected parties and cooperating with regulatory authorities.
  7. Third-party vendor management: Many B2B technology companies often collaborate with third-party vendors. It is crucial to ensure that these vendors have robust data privacy and security practices in place. Contracts should clearly outline responsibilities, including data handling and protection.
  8. Privacy by design: From the earliest stages of development, privacy should be built into the fabric of every product. Implementing privacy-by-design principles ensures that data protection measures are integrated into the product architecture, rather than added as an afterthought.

The Aqfer Approach to Data Privacy & Compliance

Data privacy, security, and cross-border compliance are topics that our teams think about constantly. Perhaps that’s the influence of our CEO and founder, Daniel Jaye, who was part of the teams that pioneered digital privacy standards and technologies from the outset of the Internet. 

As a result, Aqfer made privacy governance an intrinsic part of the DNA of our Marketing Data Platform-as-a-service. Strategic and tactical data use and governance are inseparable, thus Aqfer’s products are built around a proactive transactional privacy framework as opposed to the typical, more reactive administrative privacy governance. Essentially, we’re managing, governing, and auditing as part of the “data plane” versus the “control plane.”  

Aqfer’s built-in privacy compliance framework provides clients with a cost-effective approach to tracking consumer behavior in a compliance-managed way that does not require expensive technical resources to manage, develop or support. 

Privacy Is Built Into Our DNA

Privacy metadata is gathered as users set preferences while interacting with content and advertising. Aqfer’s platform maintains configurable rules for actively monitoring inbound data to confirm compliance.

First-party tag for collecting consent and limiting ID synchronization to consented activation partners.

APIs to support Right of Access and Right to be Forgotten

Automated rules to limit outbound transfers of data based on restrictions or lack of consent

Audit-ready: all privacy compliance metadata is embedded with customer data and collection/access events.

 Aqfer Universal Tag Data Privacy Features

Aqfer Universal Tag (aUT) supports compliance with your organization’s data protection obligations. You or your client are the Data Controller, in GDPR terms, and Aqfer is the Processor (or a Sub-Processor if you are a Processor).

The following specific features are part of the aUT privacy framework:

  • Any personal information collected is under your control and direction
  • Data is encrypted in transit and at-rest
  • Data is deleted from Aqfer’s transient data store (AWS S3) immediately after confirmed receipt of data by our client at their endpoint. Transfers happen throughout the day, typically hourly.
  • Aqfer personnel have no access to our clients’ data.
  • Aqfer personnel are governed by our SOC 2 certification
  • Opt-out can be implemented by cookie or according to DAA specifications
  • Enforcement happens in our edge logic running on Akamai’s CDN, predominantly in the same jurisdiction as the user and before data collection or a cross-border data transfer occurs.
  • Ability to control partner tag deployment by country.

GDPR IAB EU TCF 2.2 is supported, including:

  • Receipt and logging of TCF consent strings passed in via the aUT data layer
  • Verification that our client’s GVL ID is authorized for this client 
  • Prevention of firing of partner tags based on the partner’s GVL ID and the consent string
  • Ability to pass consent string to partners for their auditing and downstream governance
  • Ability to set defaults for cases where enforcement is delegated

CCPA IAB US Privacy is supported, including:

  • Receipt and logging of Privacy Strings passed in via the aUT data layer
  • Verification that the privacy string allows processing.
  • Prevention of firing of partner tags based on the privacy string.
  • Ability to pass privacy string to partners for their auditing and downstream governance
  • Ability to set defaults for cases where enforcement is delegated

Staying Up to Date with Data Privacy Standards Has Never Been More Important

As global communities become more and more connected, governments are moving towards giving consumers more control over their own data. Given this landscape, it is vital to confidently identify and isolate individuals by location (ex. CA and EU) and comply with local privacy laws.  With more privacy regulations coming in the future, marketers must know where their consumers are in real-time, and be able to manage that information in one central repository.

Strong centralized platforms capable of ingesting and activating first-party data are essential. With Aqfer, you can proactively bring compliance to the data versus reactively bringing data to compliance. 

While this post has shared an overview of the privacy and compliance features within Aqfer’s Marketing Data Platform-as-a-Service, we’ve only just scratched the surface. We recently released a white paper that dives deep into today’s data privacy and security landscape. You’ll learn about evolving consumer and brand expectations around data privacy and security for the coming year. Expect to gain a better understanding of global data privacy regulations beyond GDPR and the importance of data privacy as it relates to industry trends like the cookiepocalypse, AI and data clean room development.  Plus, the paper dives deep into  privacy and security features built into Aqfer products

Download Your Copy:

The 2024 State of Data Privacy & Security Report